Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

December 10, 2024 at 11:48AM Users of Cleo-managed file transfer software are urged to secure their systems due to exploitation of a remote code execution vulnerability (CVE-2024-50623). Despite patches, the issue persists, affecting products like Cleo Harmony and VLTrader. At least 10 companies have been compromised, with evidence of ransomware involvement. ### Meeting Takeaways – … Read more

Cybercrime Gangs Abscond With Thousands of AWS Credentials

December 10, 2024 at 11:21AM Cybercriminal gangs exploited public website vulnerabilities to steal AWS cloud credentials from numerous organizations, uncovered by researchers from CyberCyber Labs. The attackers, linked to groups Nemesis and ShinyHunters, misconfigured an AWS S3 bucket containing stolen data. AWS confirmed the incident was due to customer application flaws, not their systems. ### … Read more

Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises

December 10, 2024 at 09:48AM Huntress warned of an exploited vulnerability (CVE-2024-50623) in Cleo’s file transfer products, affecting over 1,700 servers, mostly in consumer and shipping sectors. Despite a patch, it failed to secure systems, allowing unauthorized access and persistent threats. Cleo plans to release a new patch shortly. **Meeting Takeaways:** 1. **Vulnerability Identified**: Huntress … Read more

SAP Patches Critical Vulnerability in NetWeaver

December 10, 2024 at 08:57AM SAP released nine new and four updated security notes on December 2024 Security Patch Day, addressing critical vulnerabilities in NetWeaver AS for Java. Notably, CVE-2024-47578 poses a significant risk of complete system compromise. Users are urged to implement the security updates promptly, although there are no known active exploits. ### … Read more

Microsoft NTLM Zero-Day to Remain Unpatched Until April

December 9, 2024 at 05:44PM Microsoft issued guidance to mitigate NTLM relay attacks following the discovery of a zero-day bug affecting all Windows versions, enabling credential theft through malicious files. The bug’s fix is anticipated in April. Organizations are advised to enable Extended Protection for Authentication (EPA) to strengthen defenses against these vulnerabilities. ### Meeting … Read more

Large-Scale Incidents & the Art of Vulnerability Prioritization

December 9, 2024 at 10:04AM Cybersecurity defenders face increasing vulnerabilities due to a growing IT environment. Recent reports indicate that 14% of breaches exploit vulnerabilities, emphasizing the need for clear prioritization strategies. Learning from past incidents like MOVEit and Log4j can guide effective vulnerability evaluation and management, including the adoption of secure-by-design principles. ### Meeting … Read more

QNAP Patches Vulnerabilities Exploited at Pwn2Own

December 9, 2024 at 08:29AM QNAP Systems announced security patches for vulnerabilities discovered at Pwn2Own Ireland 2024, including a severe command injection flaw (CVE-2024-50393) and a CRLF injection bug (CVE-2024-48868), both with CVSS scores of 8.7. Users are urged to update their systems to protect against potential attacks. ### Meeting Takeaways 1. **Vulnerability Patches Released**: … Read more

Blue Yonder ransomware termites claim credit

December 8, 2024 at 10:10PM The Termite ransomware gang claimed responsibility for a ransomware attack on Blue Yonder, stealing 680GB of data. Blue Yonder’s operations were disrupted, affecting clients like Starbucks and UK grocery chains. Additionally, a Nigerian scammer received eight years in prison for a business email compromise scheme that stole over $6 million. … Read more

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

December 6, 2024 at 07:18AM Cybersecurity researchers uncovered multiple vulnerabilities in open-source machine learning tools like MLflow, H2O, and PyTorch, which can enable code execution. Detected by JFrog, these flaws potentially allow attackers to access sensitive information and perform lateral movements within organizations, highlighting the need for caution with untrusted ML models. ### Meeting Takeaways … Read more

PoC Exploit Published for Unpatched Mitel MiCollab Vulnerability

December 6, 2024 at 06:38AM WatchTowr warned of an unpatched vulnerability in the Mitel MiCollab platform, allowing attackers to access restricted resources. Over 16,000 instances are affected, with an arbitrary file read flaw requiring admin authentication to exploit. Mitel has released patches for related vulnerabilities and recommends users update to the latest version. **Meeting Takeaways:** … Read more